DETAILED ACTION

1. This action is in response to the application filed 08/06/04.

2. Claims 1 - 54 have been examined as claims 40 - 54 have been added. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1, 10, 11, 13 - 18 & 37, 40 - 47, & 51 - 54 are rejected under 35 U.S.C.
102(e) as being anticipated by Drake et al. USPN 6,347,374 B1.

Regarding claim 1, a system comprising:

operating system providing at least one routine capable of being invoked, and 
said operating system operable to collect audit data for invoked operating system 
routines (FIG.1, 26); 

data storage having collected audit data stored thereto in a first format and 
software code executable by at least one processor to receive said collected audit data 
and generate output comprising at least a portion of said collected audit data in a 
desired format defined by a template, wherein said desired format is different than said 
first format (FIG.1, 38, see destination directory and parameter, for format also see 2:
45 - 55, also see storage mechanism, also see 11:12-17 and 17:25- 40).

Regarding claim 10, the system of claim 1 wherein said template comprises at
least one conditional element (2: 45 - 55, see compare, misuse engine and output 
mechanism). 

Regarding claim 11, the system of claim 10 wherein said at least one
conditional element dictates that said output is to have a particular format if a 
condition is satisfied otherwise said output is to have a different format 
(7:25-31). 

Regarding claim 13, the system of claim 1 wherein said operating system 
comprises a kernel-level audit device driver for collecting said audit data 
(9:55 - 60, see collector for different operating system for kernel level device driver). 

Regarding claim 14, the product version of the system in claim 1, see 
rationale as previously discussed above. 

Regarding claim 15, the computer program product of claim 14 wherein 
said audit data is collected by an operating system (9:55 - 60). 

Regarding claim 16, the computer program product of claim 14 wherein 
said at least one routine includes at least one invoked operating system routine 
(9:55-60, see collector). 

Regarding claim 17, the computer program product of claim 16 wherein 
said at least one invoked operating system routine is invoked by an application 
via system call (10:51 - 57). 

Regarding claim 18, the computer program product of claim 16 wherein 
said at least one invoked operating system routine is invoked via user command 
(8:25-35). 

Regarding claim 37, the software version of the system in claim 1, see
rationale as previously discussed above. 

Regarding claim 40, the system of claim 1 wherein said generated output 
comprises presentation output (17:55 - 58). 

Regarding claim 41, the system of claim 40 wherein said presentation output
comprises at least one selected from the group consisting of:

presentation output to a display, and presentation output to a printer (17: 55 - 58).

Regarding claim 42, the system of claim 40 wherein said presentation output
comprises at least one selected from the group consisting of:

presentation output by a browser, presentation output by a spreadsheet program, 
and presentation output by an application program (for at least one see, displaying and 
printing statistical data 17: 55 - 58). 

Regarding claim 43, the system of claim 1 further comprising: 
user interface for receiving from a user input defining said template (17:25 - 40).

Regarding claim 44, the computer program product of claim 14, wherein said 
code executable to generate output comprises: 

code executable to generate presentation output (see, displaying and printing statistical 
data 17: 55-58). 

Regarding claim 45, the computer program product of claim 44 wherein said
presentation output comprises at least one selected from the group
consisting of:

presentation output to a display, and presentation output to a printer (17: 55 - 58).

Regarding claim 46, the computer program product of claim 44 wherein said
presentation output comprises at least one selected from the group
consisting of: 

presentation output by a browser, presentation output by a spreadsheet program, 
and presentation output by an application program (for at least one see, displaying and 
printing statistical data 17: 55 - 58). 

Regarding claim 47, the computer program product of claim 14, further 
comprising: 

code executable to receive from a user input defining said audit transformation 
template (17: 25 - 40, & 55 - 58). 

Regarding claim 51, which recites the library version of claim 44, see reasoning
as previously discussed above. 

Regarding claim 52, which recites the library version of claim 45, see reasoning 
as previously discussed above. 

Regarding claim 53, which recites the library version of claim 46, see reasoning
as previously discussed above.

Regarding claim 54, which recites the method version of claim 1, see reasoning
as previously discussed above. 

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been
obvious at the time the invention was made to a person having ordinary skill in the art to which said subject
matter pertains. Patentability shall not be negatived by the manner in which the
invention was made.

6. Claims 2-9, 19-36, 38, 39, 48-50 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Drake et al. USPN 6,347,374 as applied in claim 1,
in view of Sutton et al. USPN 5,920,719.

Regarding claim 2, Drake discloses all the claimed limitations as 
applied in claim 1. Drake doesn't explicitly disclose wherein said template 
comprises at least one constant element. Sutton discloses abstract as well as variable 
primitives allowing the user to extend data types used for information collection (9: 30 - 
35). Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine Drake and Sutton because, using constant 
elements ensures more reusability of templates. 

Regarding claim 3, the system of claim 2 wherein said at least one constant is 
included in verbatim in said output (Drake, 4: 5 - 10). 

Regarding claim 4, Drake discloses all the claimed limitations as 
applied in claim 1. Drake doesn't explicitly disclose wherein said template
comprises at least one variable element. Sutton discloses abstract as well as variable
primitives allowing the user to extend data types used for information collection (9: 30 -
35). Therefore it would have been obvious to one of ordinary skill in the art at the time
the invention was made to combine Drake and Sutton because, using variable elements
would make the templates more customizable. 

Regarding claim 5, the system of claim 4 wherein said at least one variable 
element identifies a particular portion of the collected audit data to be included in said 
output (Drake, 4:3-25). 

Regarding claim 6, wherein said at least one variable element identifies a 
particular portion of the collected audit data to be included in said output (Drake, 4:3 - 
25). 

Regarding claim 7, the system of claim 1 wherein said collected audit data 
comprises a record for each invocation of an operating system routine that is 
included within said collected audit data, and wherein each record includes at 
least one type of audit information relating to execution of an invoked operating 
system routine (Drake, Col.9: 20 - 35). 

Regarding claim 8, the system of claim 7 wherein said at least one type of 
audit information includes at least one type selected from the group consisting 
of: 

user identification, group identification, supplementary group identification, 
process identification, event identification, event count, event type, date, 
time, thread identification, system call, capabilities used, object, and 
result (Drake 5, 40-55). 

Regarding claim 9, see reasoning in claim 4. 

Regarding claim 19, the product version of the system in claim 3, see rationale 
as previously discussed above. 

Regarding claim 20, the product version of the system in claim 4, see rationale 
as previously discussed above. 

Regarding claim 21, the product version of the system in claim 7, see rationale
as previously discussed above. 

Regarding claim 22, the product version of the system in claim 8, see rationale 
as previously discussed above. 

Regarding claim 23, the computer program product of claim 22 wherein said
audit data comprises multiple ones of said record, further comprising code executable to 
sort at least a portion of the multiple records based on at least one of said types of audit 
information (Drake, 4: 20 - 24, see filter for sort). 

Regarding claim 24, the product version of the system in claim 9, see rationale 
as previously discussed above. 

Regarding claim 25, the product version of the system in claim 10, see rationale 
as previously discussed above. 

Regarding claim 26, the method version of the system in claim 4, see rationale 
as previously discussed above. 

Regarding claim 27, the method version of the product in claim 4, see rationale 
as previously discussed above. 

Regarding claim 28, the method of claim 26 further comprising the step of 
creating, by a user, said audit transformation template (Drake, 16: 1 - 7). 

Regarding claim 29, the method version of the system in claim 3, see rationale 
as previously discussed above. 

Regarding claim 30, the method version of the system in claim 4, see rationale 
as previously discussed above. 

Regarding claim 31, the method version of the system in claim 5, see rationale 
as previously discussed above. 

Regarding claim 32, the method version of the system in claim 8, see rationale 
as previously discussed above. 

Regarding claim 33, the method of claim 26 further comprising the step of: 
presenting said output to a user (Drake, 4:3 - 25). 

Regarding claim 34, the method version of the system in claim 5, see rationale 
as previously discussed above. 

Regarding claim 35, the method of claim 26 further comprising the step of
inputting said output to an application for processing by said application (Drake, 4:3 -
25).

Regarding claim 36, the method of claim 26 further comprising the step of:
sorting said collected audit data based at least in part on at least one type of audit
information included therein (Drake, 17: 30 - 32, see filter and sort templates).

Regarding claim 38, the software version of the system in claim 5, see rationale 
as previously discussed above. 

Regarding claim 39, the library of claim 37 wherein said function executable to 
access collected audit data, said function executable to access a template, and said 
function executable to generate output are included within a common function (Drake, 
21: 7-11). 

Regarding claim 48, the method of claim 26 wherein said generating an output 
comprises: 

generating an output presentation one see, displaying and printing statistical data 
(17: 55-58). 

Regarding claim 49, the method of claim 28 wherein said presentation output
comprises at least one selected from the group consisting of:

(for at least one see, displaying and printing statistical data 17: 55 - 58). 

Regarding claim 50, which recites the method version of claim 42, see reasoning 
as previously discussed above. 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Drake et al. USPN 6,347,374 as applied in claim 1, in view of Maloney et al. USPN
6,253,337 B1.

Regarding claim 12, Drake discloses all the claimed limitations as applied in 
claim 1. Drake doesn't expressly disclose wherein said template defines a format of a
markup language. However, Maloney does disclose this feature in a similar
configuration. Therefore, it would have been obvious to one of ordinary skill in the art at
the time the invention was made to combine Drake with Maloney to implement the
instant claimed invention because, use of the HTML format would make the system
more distributed and internet compatible.

Response to Arguments

7. Applicant's arguments filed 08/06/2004 have been fully considered but they are 
not persuasive to overcome the previous rejection of 05/07/2004. 

Argument (1), Applicant argues on page 11 of Applicant's response that in claim
1, 14, and 37, that Drake doesn't teach "templates are used for transforming the audit
data from its raw format to the standardized/normalized format", as well as teach "a
template for defining an output format".

Response (1), Examiner believes that Drake does in fact disclose these
limitations. As set forth above in claims and as taught in Drake in 11:12 - 17 and 17: 25
- 40, Drake discloses an Expert system which transforms data into different formats (11:
12-14), and further discloses in 17: 30 - 32 and in lines 34 - 40, an
auditor/investigator GUI, which displays data in tabular format and is able to save and
select multiple filter and sort templates (i.e. a user defined GUI setup) for each user.
Also see saving statistical templates and displaying and printing the data on lines 55 -
60 of the same column.

Regarding new claims added, claims 40 - 54, Examiner believes that Drake still 
discloses these limitations as applied above. 

In response to Applicant's argument that there is no motivation to combine Drake 
and Maloney, Examiner disagrees. 

Drake teaches user definable templates which allows each user to save a default
GUI setup see (17: 25 - 40). And although Examiner notes that Drake does not 
mention the template having a constant element, it is understood that a default setting 
contains constant elements and as such since the user is also able to present user 
definable or customizable elements as well, the template would have to include both 
constant and variable elements. 

Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Chuck Kendall whose telephone number is
571-2723698. The examiner can normally be reached on 10:00 am - 6:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tuan Dam can be reached on 571-2723695. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 